Krebs

Apple


http://support.apple.com/kb/HT5244

Forbes
4/06/2012

For anyone who doubted that Apple’s long grace period with cybercriminals is over, doubt no more: On Friday, researchers at Russian antivirus firm Kaspersky confirmed findings from another security firm earlier this week that more than 600,000 computers running Mac’s OSX are infected with the Flashback botnet, and half of those machines are in the United States.

http://www.forbes.com/sites/andygreenberg/2012/04/06/researchers-confirm-flashback-trojan-infects-600000-macs-being-used-for-clickfraud/

Krebs On Security

The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.

http://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-mac-java-flaw/

Forbes
4/09/2012
http://www.forbes.com/sites/andygreenberg/2012/04/09/apple-snubs-firm-who-discovered-mac-botnet-tries-to-cut-off-its-server-monitoring-infections/

Kaspersky Lab

“The three month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev. “There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time! The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”

http://www.kaspersky.com/about/news/virus?time=1333224000


Fake Product Support

by certifiedbug on March 15, 2012

in Internet Security

KrebsOnSecurity
Aghast at Avast’s iYogi Support

The makers of Avast antivirus software are warning users about a new scam involving phone calls from people posing as customer service reps for the company and requesting remote access to user systems. Avast is still investigating the incidents, but a number of users are reporting that the incidents followed experiences with iYogi, the company in India that is handling Avast’s customer support.

A follow-up investigation by KrebsOnSecurity indicates that Avast (among other security companies) is outsourcing its customer support to a third-party firm that appears engineered to do little else but sell expensive and unnecessary support contracts.

Complete article: http://krebsonsecurity.com/2012/03/aghast-at-avasts-iyogi-support/

Avast! Blog
iYogi support service removed
https://blog.avast.com/2012/03/15/iyogi-support-service-removed/

We had initial reports of this behavior a few weeks ago and met with iYogi’s senior executives to ensure the behavior was being corrected. Thus, we were shocked to find out about Mr. Krebs’ experience. As a consequence, we have removed the iYogi support service from our website and shortly it will be removed from our products. We believe that this type of service, when performed in a correct manner, provides immense value to users. As such, over the next weeks, we will work with iYogi to determine whether the service can be re-launched.

Re-launched? :-o

ESET Threat Blog
Fake Support, And Now Fake Product Support

I first became aware of the plague of Indian companies operating PC and anti-virus support scams because one of our competitors advised me that one of them was apparently carrying out unethical marketing on ESET’s behalf. (They weren’t, of course, anything to do with ESET: see this blog series and this paper.)

I recently learned from my colleagues at ESET UK that cold-callers from Mumbai have developed a new twist on this cold-calling scam, calling people in the UK and apparently claiming to offer paid support in response to problems that don’t exist,

Complete article: http://blog.eset.com/2012/03/15/fake-support-and-now-fake-product-support

Of interest
Microsoft MVP Troy Hunt’s Blog:
Anatomy of a virus call centre scam
Scamming the scammers – catching the virus call centre scammers red-handed

http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx


Shady Reshipping Centers

by certifiedbug on October 14, 2011

in Internet Security

Krebs On Security offers readers a behind-the-scenes look at an organized crime operation that uses stolen credit card numbers to purchase and launder high-end electronics.

Shady Reshipping Centers Exposed, Part I

There are dozens of businesses in the criminal underground engaged in merchandise laundering, known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.

http://krebsonsecurity.com/2011/10/shady-reshipping-centers-exposed-part-i/


TDSS botnet sophisticated threat

by certifiedbug on September 7, 2011

in Internet Security

Krebs on Security

The TDSS botnet is the most sophisticated threat today, according to experts at Russian security firm Kaspersky Lab. First launched in 2008, TDSS is now in its fourth major version (also known as TDL-4). The malware uses a “rootkit” to install itself deep within infected PCs, ensuring that it loads before the Microsoft Windows operating system starts. TDSS also removes approximately 20 malicious programs from host PCs, preventing systems from communicating with other bot families.

Rent-a-Bot Networks Tied to TDSS Botnet

Krebs takes a closer look at a Russian individual who appears to have close ties to the TDSS operation.
Who’s Behind the TDSS Botnet?

TDL4 – Top Bot
http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot#5

Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.


Stolen Bank Cards Vendor Hacked

August 17, 2011

Krebs On Security: Brian Krebs recently wrote about an online service that was selling access to stolen credit and debit card data. “The real news is that few of these fraud shops are secure enough to keep their stock of stolen data from being pilfered by thieves,” said Krebs. A prime example is the shop [...]


eThieves Steal $217k

August 17, 2011

Last month cyber criminals stole $217,000 from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization. Krebs On Security: Lea French, MECA’s chief financial officer, said the trouble began when an employee with access to the organization’s online accounts opened a booby-trapped email attachment containing password-stealing malware. The attackers used MECA’s online banking credentials [...]


Scareware Industry lull

August 3, 2011

Another great article from Brian Krebs: Fake Antivirus Industry Down, But Not Out. Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law [...]


Captchabot

November 16, 2010

Interesting article by Brian Krebs on his blog krebsonsecurity.com. Last week, I wrote about a “bulletproof hosting” provider that offers dodgy Web hosting that is insulated from takedown by abuse complaints or requests from Western law enforcement agencies. Today, I’ll look at one of that bulletproof provider’s biggest clients: Captchabot.com, a service that automates the [...]


Brian Krebs bids farewell to The Washington Post

December 29, 2009

This is a surprise. Through it all, you – the reader – have been my most valuable source, most reliable critic, and most persistent muse. Loyal readers are the reason Security Fix has consistently been among the most-visited blogs on washingtonpost.com. Thank you. I will continue to remain engaged in this increasingly vital news beat. [...]
